"In this paper we expose flaws both in the design and implementation of Tor’s hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services
Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization"
The author never explained how the contents of that paper were related to the js attack on freedomhost users. It just seemed like an aside about the security of the Tor network in general. Since they (allegedly) found the guy running freedomhosting, maybe they were using those cookies to do a traffic correlation attack to find the host?
"In this paper we expose flaws both in the design and implementation of Tor’s hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization"
http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf